Patent classifications
H04L2209/76
STORING DECRYPTED BODY OF MESSAGE AND KEY USED TO ENCRYPT AND DECRYPT BODY OF MESSAGE
A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.
Device, system and method for fast and secure proxy re-encryption
A device, system and method for fast and secure Proxy Re-Encryption (PRE) using key switching. A first user is assigned first encryption and decryption keys and a second user is assigned second encryption and decryption keys. First encrypted data encrypted with the first encryption key may be re-encrypted using a proxy re-encryption key to simultaneously switch encryption keys by adding the second encryption key and cancelling the first encryption key by the first decryption key to transform the first encrypted data encrypted by the first encryption key to second encrypted data encrypted by the second encryption key, without decrypting the underlying data. The second user may be the sole system device that possesses the (e.g., private) second decryption key to decrypt the second encrypted data.
Blockchain overwatch
Various embodiments of the present technology provide a distributed overwatch system that allows transactions with government-grade privacy and security. The security and privacy can be achieved by a combination of distributed trusted proxies, to which anonymous users connect with the overwatch of a variety of network security engines. The structured ecosystem provides a mechanism for the blockchain to be monitored by an overwatch capability combining big data analytics, intelligent learning, and comprehensive vulnerability assessment to ensure any risks introduced by vulnerabilities are effectively mitigated. The system may include multiple proxy servers geographically distributed around the world. Each proxy can be associated with local network security engines to probe and analyze network traffic. Each proxy can mask sensitive data (e.g., personally identifiable information) within the transaction before it is stored. Various embodiments can interface with most blockchain or distributed ledger technologies that support multi-signature transactions and/or smart contracts.
Acceleration of data routing in an application group
A method and apparatus for accelerating data routing between applications of an application group are disclosed. In the method and apparatus, a host computer system receives registration information from a first computer system instantiated on the host computer system, whereby the registration information indicates whether a first application is executed on the first computer system. In response to a request from a second computer system that is instantiated on the host computer system to route data to the first application, the host computer system routes the data to the first computer system, whereby the internal routing of the data is determinable by the first computer system.
ESTABLISHING AN AD-HOC SECURE CONNECTION BETWEEN TWO ELECTRONIC COMPUTING DEVICES USING A SELF-EXPIRING LOCALLY TRANSMITTED INFORMATION PACKET
Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection.
MONITORING ENCRYPTED NETWORK TRAFFIC FLOWS IN A VIRTUAL ENVIRONMENT USING DYNAMIC SESSION KEY ACQUISITION TECHNIQUES
A method executed by a dynamic session key acquisition (DSKA) engine residing in a virtual environment includes receiving session decryption information extraction instructions that configure the DSKA engine to obtain session decryption information for at least one communication session involving a virtual machine and obtaining the session decryption information from the virtual machine in accordance with the session decryption information extraction instructions. The session decryption information includes cryptographic keys utilized by an application server instance in the virtual machine to establish the at least one communication session. The session decryption information obtained from the virtual machine is stored and provided to a network traffic monitoring (NTM) agent. The NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine.
Secured communication in network environments
A computing device can obtain a session key for encrypting data that is communicated between a client device and the computing device. The computing device can receive, from the client device, an encrypted request for data. The encrypted request can be encrypted by the client device using the session key. The data requested can be stored on a second computing device. The computing device can send, to the second computing device, a copy of the session key and the encrypted request for data. The second computing device can decrypt the data using the session key and can also encrypt data responsive to the request using the session key.
Proxy for debugging transformed code
Disclosed are various embodiments for a proxy that enables debugging of transformed code. A proxy receives a request from a client application to obtain transformed code from a first server. The proxy obtains the transformed code from the first server, and the proxy obtains a source map corresponding to the transformed code from a second server. The proxy then returns the transformed code and the source map to the client application.
Establishing an Ad-Hoc Secure Connection Between Two Electronic Computing Devices Using a Self-Expiring Locally Transmitted Information Packet
Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection.
DETERMINING TRUSTWORTHINESS OF A CRYPTOGRAPHIC CERTIFICATE
Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.